© The Institute of Chartered Accountants of India
© The Institute of Chartered Accountants of India
© The Institute of Chartered Accountants of India
Question 2
(a) Business Processes are documented/designed using flow-charts to understand the
process in visualized form. Being a business advisor, what advantages of flow-charts will
you suggest to represent the business processes in diagrammatic form? (6 Marks)
(b) Explain any four examples of Segregation of Duties (SoD) controls. (4 Marks)
Answer
(a) The advantages of Flowcharts to represent the business process in diagrammatic form are
as follows:
i. Quicker grasp of relationships: The relationship between various elements of the
application program/business process must be identified. Flowchart can help depict
a lengthy procedure more easily than by describing it by means of written notes.
ii. Effective Analysis: The flowchart becomes a blueprint of a system that can be
broken down into detailed parts for study. Problems may be identified, and new
approaches may be suggested by flowcharts.
iii. Communication: Flowcharts aid in communicating the facts of a business problem
to those whose skills are needed for arriving at the solution.
iv. Documentation: Flowcharts serve as a good documentation which aid greatly in
future program conversions. In the event of staff changes, they serve as training
function by helping new employees in understanding the existing programs.
v. Efficient coding: Flowcharts act as a guide during the system analysis and program
preparation phase. Instructions coded in a programming language may be checked
against the flowchart to ensure that no steps are omitted.
vi. Program Debugging: Flowcharts serve as an important tool during program
debugging by detecting, locating and removing mistakes.
vii. Efficient program maintenance: The maintenance of operating programs is
facilitated by flowcharts that help the programmer to concentrate attention on that
part of the information flow which is to be modified.
viii. Identifying Responsibilities: Specific business processes can be clearly identified
to functional departments thereby establishing responsibility of the process owner.
ix. Establishing Controls: Business process conflicts and risks can be easily identified
for recommending suitable controls.
(b) The examples of Segregation of Duties (SoD) Controls are as below:
i. Transaction Authorization: Information systems can be programmed or configured
to require two (or more) persons to approve certain transactions. This is seen in retail
establishments where a manager is required to approve a large transaction or a
iv. Network connection and routing control: The traffic between networks should be
restricted, based on identification of source and authentication access policies
implemented across the enterprise network facility.
v. Security of network services: The techniques of authentication and authorization
policy should be implemented across the organization’s network.
vi. Firewall: A Firewall is a system that enforces access control between two networks.
To accomplish this, all traffic between the external network and the organization’s
Intranet must pass through the firewall that will allow only authorized traffic between
the organization and the outside to pass through it. The firewall must be immune to
penetrate from both outside and inside the organization.
vii. Encryption: Encryption is the conversion of data into a secret code for storage in
databases and transmission over networks. The sender uses an encryption algorithm
with a key to convert the original message called the Clear text into Cipher text. This
is decrypted at the receiving end.
viii. Call Back Devices: It is based on the principle that the key to network security is to
keep the intruder off the Intranet rather than imposing security measure after the
criminal has connected to the intranet. The call- back device requires the user to enter
a password and then the system breaks the connection. If the caller is authorized,
the call back device dials the caller’s number to establish a new connection. This limit
access only from authorized terminals or telephone numbers and prevents an intruder
masquerading as a legitimate user. This also helps to avoid the call forwarding and
man-in-the middle attack.
(b) The risks associated with Bring Your Own Device (BYOD) program are classified as below:
i. Network Risks: It is normally exemplified and hidden in ‘Lack of Device Visibility’.
When company-owned devices are used by all employees within an organization, the
organization’s IT practice has complete visibility of the devices connected to the
network. This helps to analyze traffic and data exchanged over the Internet. As BYOD
permits employees to carry their own devices (smart phones, laptops for business
use), the IT practice team is unaware about the number of devices being connected
to the network. As network visibility is of high importance, this lack of visibility can be
hazardous.
ii. Device Risks: It is normally exemplified and hidden in ‘Loss of Devices’. A lost or
stolen device can result in an enormous financial and reputational embarrassment to
an organization as the device may hold sensitive corporate information. Data lost from
stolen or lost devices ranks as the top security threats as per the rankings released
by Cloud Security Alliance. With easy access to company emails as well as corporate
intranet, company trade secrets can be easily retrieved from a misplaced device.
iii. Application Risks: It is normally exemplified and hidden in ‘Application Viruses and
Malware’. A related report revealed that most employees’ phones and sma rt devices
that were connected to the corporate network weren’t protected by security software.
With an increase in mobile usage, mobile vulnerabilities have increased concurrently.
Organizations are not clear in deciding that ‘who is responsible for devic e security –
the organization or the user’.
iv. Implementation Risks: It is normally exemplified and hidden in ‘Weak BYOD Policy’.
The effective implementation of the BYOD program should not only cover the
technical issues mentioned above but also mandate the development of a robust
implementation policy. Because corporate knowledge and data are key assets of an
organization, the absence of a strong BYOD policy would fail to communicate
employee expectations, thereby increasing the chances of device misuse.
Question 4
(a) Central database is the main feature of an ERP system. As the complete data is stored at
one place, ensuring safety of data and minimizing risk of loss of data is a big challenge.
As an IT expert, discuss the risks associated with various aspects of ERP. (6 Marks)
(b) Explain the concept of E-Commerce briefly. How can you protect your E-Commerce
business from intrusion? (4 Marks)
Answer
(a) The Risks associated with various aspect of Enterprise Resource Planning (ERP) are given
below:
i. Data Access: Data is stored centrally, and all the departments access the central
data. This creates a possibility of access to non-relevant data.
ii. Data Safety: As there is only one set of data, if this data is lost, whole business may
come to stand still. For the physical safety of data, risk of total or partial loss of data
are considered. Whereas for the electronic safety of data; risk of changes in data, risk
of partial/complete deletion of data, risk of leakage of information and risk of incorrect
input of data are considered.
iii. Speed of Operation: As data is maintained centrally, gradually the data size
becomes more and more and it may reduce the speed of operation.
iv. Change in process: As the overall system is integrated, a small change in process
for one department may require lot of efforts and money.
v. Staff Turnover: As the overall system is integrated and connected with each other
department, it becomes complicated and difficult to understand. In case of staff
turnover, it becomes increasingly difficult to maintain the system.
vi. System Failure: As everybody is connected to a single system and central database,
in case of failure of system, the whole business may come to stand still and may get
affected badly.
(b) Definition of E-commerce are as follows:
E-Commerce can be defined as “Sale/Purchase of goods/services through electronic
mode.” This could include the use of technology in the form of Computers, Desktops,
Mobile Applications, etc. In other words, E-Commerce is the process of doing business
electronically. It refers to the use of technology to enhance the processing of commercial
transactions between a company, its customers and its business partners. It involves the
automation of a variety of Business-To-Business (B2B) and Business-To-Consumer (B2C)
transactions through reliable and secure connections.
E-Commerce business can be protected from intrusion using following methods:
i. Viruses: Check your website daily for viruses, the presence of which can result in the
loss of valuable data.
ii. Hackers: Use software packages to carry out regular assessments of how vulnerable
your website is to hackers.
iii. Passwords: Ensure employees change these regularly and that passwords set by
former employees of your organization are defunct.
iv. Regular software updates: The site should always be up to date with the newest
versions of security software. If it is not done, the website will become vulnerable to
attack.
v. Sensitive data: This involves considering the encryption of financial information and
other confidential data (using encryption software). Hackers or third parties will not
be able to access encrypted data without a key. This is particularly relevant for any
e-Commerce sites that use a shopping cart system.
vi. Know the details of your payment service provider contract.
Question 5
(a) Banks face the challenge of addressing the threat of money laundering on multiple fronts
as banks can be used as primary means for transfer of money across geographies. In light
of the above statement, discuss the Money Laundering process and its different stages.
(6 Marks)
(b) (i) What do you understand by Regulatory Compliance? (2 Marks)
(ii) Write a brief description of three tier architecture of Application Software. (2 Marks)
OR
Explain briefly the concept of Role-Based-Access-Control (RBAC) in ERP System.
Answer
(a) Section 3 of Prevention of Money Laundering Act (PMLA), 2002 defines 'Money
Laundering’ as: ‘whosoever directly or indirectly attempts to indulge or knowingly assists
or knowingly is a party or is actually involved in any process or activity connected with the
proceeds of crime and projecting it as untainted property shall be guilty of the o ffence of
money-laundering”.
In other words, Money laundering may be defined as the process by which the proceeds
of the crime and the true ownership of those proceeds are concealed or made opaque so
that the proceeds appear to come from a legitimate source. The objective in money
laundering is to conceal the existence, illegal source, or illegal application of income to
make it appear legitimate. Money laundering is commonly used by criminals to make ‘dirty’
money appear ‘clean’ or the profits of criminal activities are made to appear legitimate.
Stages of Money Laundering are as follows:
i. Placement: The first stage involves the Placement of proceeds derived from illegal
activities - the movement of proceeds frequently currency, from the scene of the crime
to a place, or into a form less suspicious and more convenient for the criminal.
ii. Layering: Layering involves the separation of proceeds from illegal source using
complex transactions designed to obscure the audit trail and hide the proceeds.
Layering involves sending the money through various financial transactions to change
its form and make it difficult to follow. Layering may consist of several banks to bank
transfers or wire transfers between different accounts in different names in different
countries making deposit and withdrawals to continually vary the amount of money in
the accounts changing the money’s currency purchasing high value items (boats,
houses cars, diamonds) to change the form of money, thus making it hard to trace.
iii. Integration: Integration involves conversion of illegal proceeds into apparently
legitimate business earnings through normal financial or commercial operations.
Integration creates the illusion of a legitimate source for criminally derived funds and
involves techniques as numerous and creative as those used by legitimate
businesses.
(b) (i) Regulatory Compliance describes the goal that organizations aspire to achieve in
their efforts to ensure that they are aware of and take steps to comply with relevant
laws, policies, and regulations. This approach is used to ensure that all necessary
governance requirements can be met without the unnecessary duplication of effort
and activity from resources.
In other words, Regulatory Compliance is an organization’s adherence to laws,
regulations, guidelines and specifications relevant to its business. Violations of
Question 7
(a) "Strategic Management concepts are useful for educational institutions." Explain with
reasons. (5 Marks)
(b) "Industry and competitive analysis begins with an overview of the industry's dominant
economic features." Explain and also narrate the factors to be considered in profiling in
industry's economic features. (5 Marks)
Answer
(a) Education is considered to be a noble profession. An educational institution often functions
as a not-for-profit organization managed by trusts and societies. They include schools,
colleges and universities. Being inherently non-commercial in nature, educational
organisations do not have cut-throat competition as in case of their commercial
counterparts. However, as the number of institutions belonging to both public and private
sector are increasing, the competition is gradually rising. Key reasons for use of strategic
management techniques in educational institutes are as follows:
• Getting better name and recognition.
• Adopt different strategies for attracting best students.
• Appointing and retaining quality faculty for teaching.
• Deliver education to make graduates more employable.
• Nurturing responsible citizens.
(b) Industry is “a group of firms whose products have same and similar attributes such that
they compete for the same buyers.” Industries differ significantly in their basic character
and structure. Industry and competitive analysis begins with an overview of the industry’s
dominant economic features. The factors to be considered while profiling an industry’s
economic features are fairly standard and are given as under:
Size and nature of market.
Scope of competitive rivalry.
Market growth rate and position in the business life.
Number of rivals and their relative market share.
The number of buyers and their relative sizes.
The types of distribution channels used to access consumers.
The pace of technological change in both production process innovation and new
product introductions.
Whether the products and services of rival firms are highly differentiated, weakly
differentiated, or essentially identical?
(iii) Needs which business tries to satisfy, customer groups it wishes to target and the
technologies and competencies it uses and the activities it performs.
(b) A strategic alliance is a relationship between two or more businesses that enables each to
achieve certain strategic objectives which neither would be able to achieve on its own. The
strategic partners maintain their status as independent and separate entities, share the
benefits and control over the partnership, and continue to make contributions to the
alliance until it is terminated.
Advantages of Strategic Alliance
Strategic alliance usually is only formed if they provide an advantage to all the parties in
the alliance. These advantages can be broadly categorised as follows:
1. Organizational: Strategic alliance helps to learn necessary skills and obtain certain
capabilities from strategic partners. Strategic partners may also help to enhance
productive capacity, provide a distribution system, or extend supply chain. Strategic
partners may provide a good or service that complements thereby creating a synergy.
Having a strategic partner who is well-known and respected also helps add legitimacy
and creditability to a new venture.
2. Economic: There can be reduction in costs and risks by distributing them across the
members of the alliance. Greater economies of scale can be obtained in an alliance,
as production volume can increase, causing the cost per unit to decline. Finally,
partners can take advantage of co-specialization, creating additional value.
3. Strategic: Rivals can join together to cooperate instead of compete. Vertical
integration can be created where partners are part of supply chain. Strategic alliances
may also be useful to create a competitive advantage by the pooling of resources and
skills. This may also help with future business opportunities and the development of
new products and technologies. Strategic alliances may also be used to get access
to new technologies or to pursue joint research and development.
4. Political: Sometimes strategic alliances are formed with a local foreign business to
gain entry into a foreign market either because of local prejudices or legal barriers to
entry. Forming strategic alliances with politically-influential partners may also help
improve your own influence and position.
Question 9
(a) Discuss in what conditions rivalry among competitors tends to be cut-throat and profitability
of the industry goes down. (5 Marks)
(b) Discuss the various approaches for evaluating the worth of a business. (5 Marks)
Answer
(a) The intensity of rivalry in an industry is a significant determinant of industry attractiveness
and profitability. The intensity of rivalry can influence the costs of suppliers, distribution,
and of attracting customers and thus directly affect the profitability. The more intensive the
rivalry, the less attractive is the industry. Rivalry among competitors tends to be cutthroat
and industry profitability low when
(i) An industry has no clear leader.
(ii) Competitors in the industry are numerous.
(iii) Competitors operate with high fixed costs.
(iv) Competitors face high exit barriers.
(v) Competitors have little opportunity to differentiate their offerings.
(vi) The industry faces slow or diminished growth.
(b) Various approaches for determining a business’s worth can be grouped into three main
approaches:
(i) Net worth or stockholders’ equity: Net worth is the total assets minus total outside
liabilities of an organisation.
(ii) Future benefits to owners through net profits: These benefits are considered to
be much greater than the amount of profits. A conservative rule of thumb is to
establish a business’s worth as five times the firm’s current annual profit. A five -year
average profit level could also be used.
(iii) Market-determined business worth: This approach involves three methods. First,
the firm’s worth may be based on the selling price of a similar company. The second
approach is called the price-earnings ratio method whereby the market price of the
firm’s equity shares is divided by the annual earnings per share and multiplied by the
firm’s average net income for the preceding years. The third approach can be called
the outstanding shares method whereby one has to simply multiply the number of
shares outstanding by the market price per share and add a premium.
Question 10
(a) Distinguish between transformational leadership style and transactional leadership style.
(b) Explain concept and nature of BPR. (5 Marks)
OR
Write a short note on the concept of cost leadership strategy and how to achieve it?
(5 Marks)
Answer
(a) Difference between transformational and transactional leadership are as follows:
1. Transformational leadership style uses charisma and enthusiasm to inspire people to
exert them for the good of organization. Transactional leadership style uses the
authority of its office to exchange rewards such as pay, status symbols etc.
(b) After defining risk appetite, strategies are set to manage risks. Explain any four risk
management strategies. (4 Marks)
Answer
(a) Major Update Controls under Database Controls are as follows:
• Sequence Check between Transaction and Master Files: Synchronization and the
correct sequence of processing between the master file and transaction file is critical
to maintain the integrity of updating, insertion or deletion of records in the master file
with respect to the transaction records. If errors, in this stage are overlooked, it leads
to corruption of the critical data.
• Ensure All Records on Files are processed: While processing, the transaction file
records mapped to the respective master file, and the end-of-file of the transaction
file with respect to the end-of-file of the master file is to be ensured.
• Process multiple transactions for a single record in the correct order: Multiple
transactions can occur based on a single master record (e.g. dispatch of a product to
different distribution centers). Here, the order in which transactions are processed
against the product master record must be done based on a sorted transaction codes.
• Maintain a suspense account: When mapping between the master record to
transaction record results in a mismatch due to failure in the corresponding record
entry in the master record; then these transactions are maintained in a suspense
account.
Major Report Controls under Database Controls are as follows:
• Standing Data: Application programs use many internal tables to perform various
functions like gross pay calculation, billing calculation based on a price table, bank
interest calculation etc. Maintaining integrity of the pay rate table, price table and
interest table is critical within an organization.
• Print-Run-to Run Control Totals: Run-to-Run control totals help in identifying errors
or irregularities like record dropped erroneously from a transaction file, wrong
sequence of updating or the application software processing errors.
• Print Suspense Account Entries: Similar to the update controls, the suspense
account entries are to be periodically monitors with the respective error file and action
taken on time.
• Existence/Recovery Controls: The back-up and recovery strategies together
encompass the controls required to restore failure in a database. Backup strategies
are implemented using prior version and logs of transactions or changes to the
database. Recovery strategies involve roll-forward (current state database from a
previous version) or the roll-back (previous state database from the current version)
methods.
• Reduction of lead-time: The elapsed time between placing an order and receiving it
is known as the Lead-time. The ERP Systems by virtue of their integrated nature with
many modules like Finance, Manufacturing, Material Management Module etc.; the
use of the latest technologies like EFT (Electronic Fund Transfer), EDI (Electronic
Data Interchange) reduce the lead times and make it possible for the organizations
to have the items at the time they are required.
• On-time Shipment: Since the different functions involved in the timely delivery of the
finished goods to the customers- purchasing, material management production,
production planning, plant maintenance, sales and distribution – are integrated and
the procedures automated; the chances of errors are minimal and the production
efficiency is high. Thus, by integrating the various business functions and automating
the procedures and tasks the ERP system ensures on-time delivery of goods to the
customers.
• Reduction in Cycle Time: Cycle time is the time between placement of the order
and delivery of the product. In an ERP System; all the data, updated to the minute, is
available in the centralized database and all the procedures are automated, almost
all these activities are done without human intervention. This efficiency of the ERP
systems helps in reducing the cycle time.
• Improved Resource utilization: The efficient functioning of the different modules in
the ERP system like manufacturing, material management, plant maintenance, sales
and distribution ensures that the inventory is kept to a minimum level, the machine
down time is minimum and the goods are produced only as per the demand and the
finished goods are delivered to the customer in the most efficient way. Thus, the ERP
systems help the organization in drastically improving the capacity and resource
utilization.
• Better Customer Satisfaction: Customer satisfaction means meeting or exceeding
customer’s requirements for a product or service. With the help of web -enabled ERP
systems, customers can place the order, track the status of the order and make the
payment sitting at home. Since all the details of the product and the customer are
available to the person at the technical support department also, the company will be
able to better support the customer.
• Improved Supplier Performance: ERP systems provide vendor management and
procurement support tools designed to coordinate all aspects of the procurement
process. They support the organization in its efforts to effectively negotiate, monitor
and control procurement costs and schedules while assuring superior product quality.
The supplier management and control processes are comprised of features that will
help the organization in managing supplier relations, monitoring vendor activities and
managing supplier quality.
• Increased Flexibility: ERP Systems help the companies to remain flexible by making
the company information available across the departmental barriers and automating
most of the processes and procedures, thus enabling the company to react quickly to
the changing market conditions.
• Reduced Quality Costs: Quality is defined in many different ways- excellence,
conformance to specifications, fitness for use, value for the price and so on. The ERP
System’s central database eliminates redundant specifications and ensures that a
single change to standard procedures takes effect immediately throughout the
organization. The ERP systems also provide tools for implementing total quality
management programs within an organization.
• Better Analysis and Planning Capabilities: Another advantage provided by ERP
Systems is the boost to the planning functions. By enabling the comprehensive and
unified management of related business functions such as production, finance,
inventory management etc. and their data, it becomes possible to utilize fully many
types of Decision Support Systems (DSS) and simulation functions, what-if analysis
and so on; thus, enabling the decision-makers to make better and informed decisions.
• Improved information accuracy and decision-making capability: The three
fundamental characteristics of information are accuracy, relevancy and timeliness.
The information needs to be accurate, relevant for the decision-maker and available
to the decision-makers when he requires it. The strength of ERP Systems- integration
and automation – help in improving the information accuracy and help in better
decision-making.
• Use of Latest Technology: ERP packages are adapted to utilize the latest
developments in Information Technology such as open systems, client/server
technology, Cloud Computing, Mobile computing etc. It is this adaptation of ERP
packages to the latest changes in IT that makes the flexible adaptation to changes in
future development environments possible.
(b) To develop grid computing security architecture, following constraints are taken from the
characteristics of grid environment and application:
• Single Sign-on: A user should authenticate once and they should be able to acquire
resources, use them, and release them and to communicate internally without any
further authentication.
• Protection of Credentials: User passwords, private keys, etc. should be protected.
• Interoperability with local security solutions: Access to local resources should
have local security policy at a local level. Despite of modifying every local resource
there is an inter-domain security server for providing security to local resource.
• Exportability: The code should be exportable i.e. they cannot use a large amount of
encryption at a time. There should be a minimum communication at a time.
Answer
(a) The components of Enterprise Resource Management (ERM) framework are as follows:
(i) Internal Environment: The internal environment encompasses the tone of an
organization and sets the basis for how risk is viewed and addressed by an entity’s
people, including risk management philosophy and risk appetite, integrity and ethical
values, and the environment in which they operate. Management sets a philosophy
regarding risk and establishes a risk appetite. The internal environment sets the
foundation for how risk and control are viewed and addressed by an entity’s people.
The core of any business is its people – their individual attributes, including integrity,
ethical values and competence – and the environment in which they operate. They
are the engine that drives the entity and the foundation on which everything rests.
(ii) Objective Setting: Objectives should be set before management can identify events
potentially affecting their achievement. ERM ensures that management has a process
in place to set objectives and that the chosen objectives support and align with the
entity’s mission/vision and are consistent with the entity’s risk appetite.
(iii) Event Identification: Potential events that might have an impact on the entity should
be identified. Event identification includes identifying factors – internal and external –
that influence how potential events may affect strategy implementation and
achievement of objectives. It includes distinguishing between potential events that
represent risks, those representing opportunities and those that may be both.
Opportunities are channelled back to management’s strategy or objective-setting
processes. Management identifies inter-relationships between potential events and
may categorize events to create and reinforce a common risk language across the
entity and form a basis for considering events from a portfolio perspective.
(iv) Risk Assessment: Identified risks are analyzed to form a basis for determining how
they should be managed. Risks are associated with related objectives that may be
affected. Risks are assessed on both an inherent and a residual basis, and the
assessment considers both risk likelihood and impact. A range of possible results
may be associated with a potential event, and management needs to consider them
together.
(v) Risk Response: Management selects an approach or set of actions to align assessed
risks with the entity’s risk tolerance and risk appetite, in the context of the strategy
and objectives. Personnel identify and evaluate possible responses to risks, including
avoiding, accepting, reducing and sharing risk.
(vi) Control Activities: Policies and procedures are established and executed to help
ensure that the risk responses that management selected, are effectively carried out.
(vii) Information and Communication: Relevant information is identified, captured and
communicated in a form and time frame that enable people to carry out their
(ii) Cryptography: It deals with programs for transforming data into cipher text that are
meaningless to anyone, who does not possess the authentication to access the
respective system resource or file. A cryptographic technique encrypts data (clear
text) into cryptograms (cipher text) and its strength depends on the time and cost to
decipher the cipher text by a cryptanalyst. Three techniques of cryptography are
transposition (permute the order of characters within a set of data), substitution
(replace text with a key-text) and product cipher (combination of transposition and
substitution).
Answer
(a) Human resource management has been accepted as a strategic partner in the
formulation of organization’s strategies and in the implementation of such strategies
through human resource planning, employment, training, appraisal and reward systems.
The following points should be kept in mind as they can have a strong influence on
employee competence:
1. Recruitment and selection: The workforce will be more competent if a firm can
successfully identify, attract, and select highly competent applicants.
2. Training: The workforce will be more competent if employees are well trained to
perform their jobs properly.
3. Appraisal of performance: The performance appraisal is to identify any performance
deficiencies experienced by employees due to lack of competence. Such deficiencies,
once identified, can often be solved through counseling, coaching or training.
4. Compensation: A firm can usually increase the competency of its workforce by
offering pay, benefits and rewards that are not only attractive than those of their
competitors but also recognizes merit.
(b) Strategic Vision
A strategic vision is a roadmap of a company’s future – providing specifics about
technology and customer focus, the geographic and product markets to be pursued, the
capabilities it plans to develop, and the kind of company that management is trying to
create. It helps the company to answer the question “where we are to go” and provides
a convincing rationale for why this makes good business sense for the company.
A strategic vision delineates organization’s aspirations for the business, providing a
panoramic view of the position where the organization is going. A strategic vision points
an organization in a particular direction, charts a strategic path for it to follow in preparing
for the future, and molds organizational identity.
Essentials of a strategic vision
The entrepreneurial challenge in developing a strategic vision is to think creatively
about how to prepare a company for the future.
Forming a strategic vision is an exercise in intelligent entrepreneurship.
A well-articulated strategic vision creates enthusiasm among the members of the
organization.
The best-worded vision statement clearly illuminates the direction in which
organization is headed.
Question 10
(a) "There is a need for Strategic Management for government and medical organization too."
Comments. (5 Marks)
(b) Briefly describe the meaning of divestment and liquidation strategy and establish difference
between the two.
OR
Write a short note on requirement of strategy audit. What are the basic activities of
strategic audit? (5 Marks)
Answer
(a) Need for strategic management for government and medical organization
Yes, there is a need of strategic management for government and medical organizations
like the commercial organizations because optimum utilization of resources in view of their
scarcity, good strategy formulation and its effective implementation & proper monitoring is
needed equally in both types of organizations.
Organizations can be classified as commercial and non-commercial on the basis of the
interest they have. Typically, a government or medical organization may function without
any commercial objectives. A commercial organization has profit as its main aim. We can
find many organizations around us, which do not have any commercial objective of making
profits. Their genesis may be for social, charitable, or educational purposes.
The strategic-management process is being used effectively by countless non-profit
governmental organizations. Many non-profit and governmental organizations
outperform private firms and corporations on innovativeness, motivation, productivity, and
human resource.
Compared to for-profit firms, non-profit and governmental organizations often function as
a monopoly, produce a product or service that offers little or no measurability of
performance, and are totally dependent on outside financing. Especially for these
organizations, strategic management provides an excellent vehicle for developing
and justifying requests for needed financial support.
Government Organizations: Central, state, municipal agencies, public sector units,
department are responsible for formulating, implementing and evaluating strategies that
use taxpayers’ money in the most cost-effective way to provide services and programs.
Therefore, strategic management concepts are required for them.
Medical Organizations: Modern hospitals quite often are using strategic management for
creating new strategy and implementing properly for diagnosis and treatment of different
diseases at lower price. Forward and Backward integration strategies are also required in
hospitals for providing better services at lower cost.
When the goals and objectives of the strategy are not being accomplished.
When a major change takes place in the external environment of the organization.
When the top management plans:
(a) To fine-tune the existing strategies and introduce new strategies; and
(b) To ensure that a strategy that has worked in the past continues to be in-tune
with subtle internal and external changes that may have occurred since the
formulation of strategies.
Adequate and timely feedback is the cornerstone of effective strategy audit. Strategy audit
can be no better than the information on which it is based.
Strategy Audit includes three basic activities:
1. Examining the underlying bases of a firm’s strategy,
2. Comparing expected results with actual results, and
3. Taking corrective actions to ensure that performance conforms to plans.
Virtual memory is an allocation of temporary space on hard disk space to help RAM.
When RAM runs low, virtual memory moves data from RAM to a space called a paging
file. Moving data to and from the paging file frees up RAM to complete its work.
Differences between Virtual Memory and Secondary Memory are given below:
Virtual Memory Secondary Memory
Virtual Memory is an imaginary memory Secondary memory is a storage device
area that combines computer’s RAM with having features of non-volatility (contents
temporary space on the hard disk. are permanent in nature), greater
capacity (they are available in large size),
and greater economy.
When RAM runs low, virtual memory The secondary memory is available in
moves data from RAM to a space called bigger sizes; thus program and data can
a paging file. Moving data to and from the be stored permanently.
paging file frees up RAM to complete its
work.
Question 2
(a) The Goods and Service Tax (GST) rate in India for various goods and services is divided
broadly under 4 categories, draw a flowchart to compute Goods and Service Tax for the
goods manufactured as per table below.
Category (K) Rate
A 5%
B 12%
C 18%
D 28%
(6 Marks)
(b) Information systems have set high hopes to companies for their growth as it reduces
processing speed and helps in cutting cost. Being an auditor of ABC manufacturing
company, discuss the key areas that should pay attention to while evaluating Managerial
controls by top management. (4 Marks)
Answer
(a) Abbreviations used in flowchart are as follows:
K: category for various goods and services
PA, PB, PC, PD: Price of goods manufactured under categories A, B, C and D respectively.
Tax: Goods and Services tax
This flowchart is based on the assumption that the Price value (P A, PB, PC, PD) may vary
depending upon the category of Goods manufactured (A, B, C and D) respectively.
Start
Read K
If K=B? Read PB
Yes Tax=PB*0.12
No
Read PD Tax=PD*0.28
PrintTax
Stop
Alternate Presentation
This flowchart is based on the assumption that the Price value V is same for all the Goods
manufactured (A, B, C and D) irrespective of their category.
Abbreviations used in flowchart are as follows:
K: Category for various goods and services
V: Price of goods manufactured.
GST: Goods and Services tax
Start
Input V, K
GST=V*0.05 If K = A?
Yes
No
GST=V*0.12 If K = B?
Yes
No
GST=V*0.18 If K = C?
Yes
No
GST=V*0.28
Print/Display GST
Stop
(b) The key areas that auditors should pay attention to while evaluating Managerial controls
are as follows:
(i) Planning: Auditors need to evaluate whether top management has formulated a high-
quality information system’s plan that is appropriate to the needs of an organization
or not. A poor-quality information system is ineffective and inefficient leading to losing
of its competitive position within the marketplace.
(ii) Organizing: Auditors should be concerned about how well top management acquires
and manages staff resources.
(iii) Leading: Generally, the auditors examine variables that often indicate when
motivation problems exist or suggest poor leadership – for example, staff turnover
statistics, frequent failure of projects to meet their budget and absenteeism level to
evaluate the leading function. Auditors may use both formal and informal sources of
evidence to evaluate how well top managers communicate with their staff.
(iv) Controlling: Auditors should focus on subset of the control activities that should be
performed by top management – namely, those aimed at ensuring that the information
systems function accomplishes its objectives at a global level. Auditors must evaluate
whether top management’s choice to the means of control over the users of IS
services is likely to be effective or not.
Question 3
(a) Explain the concept of green computing. How will you develop a sustainable green
computing plan? (6 Marks)
(b) From traditional digital payment methods, India is moving towards newer methods of digital
payments. In light of the above statement, briefly explain following new methods.
(i) BHIM (ii) USSD (4 Marks)
Answer
(a) Green Computing
Green Computing or Green IT refers to the study and practice of environmentally
sustainable computing or IT. It is the study and practice of establishing/ using
computers and IT resources in a more efficient and environmentally friendly and
responsible way.
The objective of Green computing is to reduce the use of hazardous materials,
maximize energy efficiency during the product’s lifetime, and promote the recyclability
or biodegradability of defunct products and factory waste.
Green computing’s practices include the implementation of energy-efficient Central
Processing Units (CPUs), servers and peripherals as well as reduced resource
consumption and proper disposal of electronic waste (e-waste).
Top Up Loan: Here the customer already has an existing loan and is applying for
additional amount either for refurbishment or renovation of the house.
Loans for Under Construction Property: In case of under construction properties
the loan is disbursed in tranches / parts as per construction plan.
Question 5
(a) Using the automation technique in modem era of business, the business gets well
developed with a great customer satisfaction of its services and products in which the
customer-oriented supply chain plays a major role. List down the name of all the benefits
of Automating Business processes by explaining any four benefits. (6 Marks)
(b) Write a short note on (i) Digital Library (ii) Payment Gateway (4 Marks)
OR
Cloud based applications are now taking over Installed applications. What are the major
differences between Cloud based Applications and Installed Applications? Explain any
four.
Answer
(a) The benefits of automating Business Processes are as follows:
Quality and Consistency
Time Saving
Visibility
Improved Operational Efficiency
Governance and Reliability
Reduced Turnaround Times
Reduced Costs
These benefits are explained below:
Quality and Consistency: Ensures that every action is performed identically -
resulting in high quality, reliable results and stakeholders will consistently experience
the same level of service.
Time Saving: Automation reduces the number of tasks employees would otherwise
need to do manually. It frees up time to work on items that add genuine value to the
business, allowing innovation and increasing employees’ levels of motivation.
Visibility: Automated processes are controlled and they consistently operate
accurately within the defined timeline. It gives visibility of the process status to the
organization.
OR
(b) Differences between Cloud based Applications and Installed Applications are given below:
Particulars Installed Applications Cloud Based Applications
Installation and As software is installed on Installation on user computer is not
Maintenance hard disc of the computer required. Update and maintenance
used by user, it needs to be are defined responsibility of service
installed on every computer provider.
one by one. This may take
lot of time. Also,
maintenance and updating
of software may take lot of
time and efforts.
Accessibility As software is installed on As software is available through
the hard disc of the user’s online access, to use the software a
computer, user needs to go browser and an internet connection
the computer only, i.e. the is needed. It can be used from any
computer where software is computer in the world. Access to the
installed, to use the software becomes very easy. Also, it
software. It cannot be used can be used 24 x 7.
from any computer.
Mobile Using the software through Mobile application becomes very
Application mobile application is easy as data is available 24x7. As
difficult in this case. technology evolves, mobile
technology is becoming an industry
norm that makes cloud based
application future oriented.
Data Storage Data is physically stored in Data is not stored in the user’s
the premises of the user, server computer. It is stored on a
i.e. on the hard disc of the web server. Ownership of data is
user’s server computer. defined in Service Level Agreement
Hence user will have full (SLA) that defines the rights,
control over the data. responsibilities and authority of both
service provider and service user.
Data Security As the data is in physical Data security is a challenge in case
control of the user, user of cloud based application as the
shall have the full physical data is not in control of the user or
control over the data and owner of data. As time evolves;
he/she can ensure that it is SLAs provides for details of back-up,
not accessed without disaster recovery alternatives being
proper access. used by service provider.
the true test of imitability. Where capabilities require networks of organizational routines,
whose effectiveness depends on the corporate culture, imitation is difficult.
4. Appropriability: Appropriability refers to the ability of the firm’s owners to appropriate
the returns on its resource base. Even where resources and capabilities are capable of
offering sustainable advantage, there is an issue as to who receives the returns on these
resources.
Question 7
(a) Strategy execution is an operations-oriented activity which involves a good fit between
strategy and organizational capabilities, structure, climate & culture. Enumerate the
principal aspects of strategy execution process which are used in most of the situations.
(5 Marks)
(b) X Pvt. Ltd. had recently ventured into the business of co-working spaces when the global
pandemic struck.. This has resulted in the business line becoming unprofitable and
unviable, and a failure of the existing strategy. However, the other businesses of X Pvt.
Ltd. are relatively less affected by the pandemic as compared to the recent co-working
spaces. Suggest a strategy for X Pvt. Ltd. with reasons to justify your answer. (5 Marks)
Answer
(a) Implementation and execution are an operations-oriented activity aimed at shaping the
performance of core business activities in a strategy-supportive manner. To convert
strategic plans into actions and results, a manager must be able to direct organizational
change, motivate people, build and strengthen company’s competencies and competitive
capabilities, create a strategy-supportive work culture, and meet or beat performance
targets. Good strategy execution involves creating strong “fits” between strategy and
organizational capabilities, structure, climate & culture.
In most situations, strategy-execution process includes the following principal
aspects:
1. Developing budgets that steer ample resources into those activities critical to
strategic success.
2. Staffing the organization with the needed skills and expertise, consciously
building and strengthening strategy-supportive competencies and competitive
capabilities and organizing the work effort.
3. Ensuring that policies and operating procedures facilitate rather than impede
effective execution.
4. Using the best-known practices to perform core business activities and pushing
for continuous improvement.
Answer
(a) The role of Chief Executive Officer pertains to Corporate level.
The corporate level of management consists of the Chief Executive Officer (CEO) and
other top-level executives. These individuals occupy the apex of decision making within
the organization.
The role of Chief Executive Officer is to:
1. oversee the development of strategies for the whole organization;
2. defining the mission and goals of the organization;
3. determining what businesses, it should be in;
4. allocating resources among the different businesses;
5. formulating, and implementing strategies that span individual businesses;
6. providing leadership for the organization;
7. ensuring that the corporate and business level strategies which company pursues
are consistent with maximizing shareholders wealth; and
8. managing the divestment and acquisition process.
(b) Spacetek Pvt. Ltd. company has adopted Focus strategy which is one of the Michael
Porter’s Generic strategies. Focus strategies are most effective when consumers have
distinctive preferences or requirements and when rival firms are not attempting to
specialize in the same target segment. An organization using a focus strategy may
concentrate on a particular group of customers, geographic markets, or on particular
product-line segments in order to serve a well-defined but narrow market better than
competitors who serve a broader market.
Advantages of Focus Strategy
1. Premium prices can be charged by the organizations for their focused
product/services.
2. Due to the tremendous expertise about the goods and services that organizations
following focus strategy offer, rivals and new entrants may find it difficult to
compete.
Disadvantages of Focus Strategy
1. The firms lacking in distinctive competencies may not be able to pursue focus
strategy.
2. Due to the limited demand of product/services, costs are high which can cause
problems.
3. In the long run, the niche could disappear or be taken over by larger competitors by
acquiring the same distinctive competencies.
Question 9
(a) Core competencies provide edge to a business over its competitors. Discuss. Also,
briefly state the three areas in which major core competencies are identified. (5 Marks)
(b) Sanya Private Limited is an automobile company. For the past few years, it has been
observed that the progress of the company has become stagnant.. When scrutinized, it
was found that the planning department was performing fairly well but the plans could not
be implemented due to improper use of resources, undesirable tendencies of workers
and non-conformance to norms and standards. You are hired as a Strategic Manager.
Suggest the elements of process of control to overcome the problem. (5 Marks)
Answer
(a) A core competence is a unique strength of an organization which may not be shared by
others. Core competencies are those capabilities that are critical to a business achieving
competitive advantage. In order to qualify as a core competence, the competency should
differentiate the business from any other similar businesses. An organization’s
combination of technological and managerial know-how, wisdom and experience are a
complex set of capabilities and resources that can lead to a competitive advantage
compared to a competitor.
According to C.K. Prahalad and Gary Hamel, major core competencies are identified in
following three areas:
1. Competitor differentiation: The Company can consider having a core competence
if the competence is unique and it is difficult for competitors to imitate. This can
provide a company an edge compared to competitors. It allows the company to
provide better products and services to market with no fear that competitors can
copy it.
2. Customer value: When purchasing a product or service it has to deliver a
fundamental benefit for the end customer in order to be a core competence. It will
include all the skills needed to provide fundamental benefits. The service or the
product has to have real impact on the customer as the reason to choose to
purchase them. If customer has chosen the company without this impact, then
competence is not a core competence and it will not affect the company’s market
position.
3. Application of competencies to other markets: Core competence must be
applicable to the whole organization; it cannot be only one particular skill or
specified area of expertise. Therefore, although some special capability would be
essential or crucial for the success of business activity, it will not be considered as
core competence if it is not fundamental from the whole organization’s point of view.
Thus, a core competence is a unique set of skills and expertise, which will be used
throughout the organization to open up potential markets to be exploited.
(b) Sanya Private Limited deteriorating performance due to poor implementation of plans
that is improper use of resources, undesirable tendencies of the workers, and non-
conformance to norms and standards, all point towards weak controls in the organization.
Implementation of plans cannot assure results unless strong and sufficient controls are
put in place. The management of the company should focus diligently on developing
controls especially in the identified problem areas.
The process of control has the following elements:
(a) Objectives of the business system which could be operationalized into measurable
and controllable standards.
(b) A mechanism for monitoring and measuring the performance of the system.
(c) A mechanism (i) for comparing the actual results with reference to the standards (ii)
for detecting deviations from standards and (iii) for learning new insights on
standards themselves.
(d) A mechanism for feeding back corrective and adaptive information and instructions
to the system, for effecting the desired changes to set right the system to keep it on
course.
Above elements of control would ensure a proper check on improper use of resources,
undesirable tendencies of the workers, and non-conformance to norms and standards
and ensure a result oriented implementation of plans.
Question 10
(a) Moonlight Private Limited deals in multi-products and multi-businesses. It has its own set
of competitors. It seems impractical for the company to provide separate strategic
planning treatment to each one of its product or businesses. As a strategic manager,
suggest the type of structure best suitable for Moonlight Private Limited and state its
benefits. (5 Marks)
(b) Elucidate:
Expanded Marketing Mix (5 Marks)
OR
Matrix Structure
Answer
(a) It is advisable for Moonlight Private Limited to follow the strategic business unit (SBU)
structure.
Moonlight Private Limited has a multi-product and multi-business structure where, each
of these businesses has its own set of competitors. In the given case, Strategic Business
Unit (SBU) structure would best suit the interests of the company.
SBU is a part of a large business organization that is treated separately for strategic
management purposes. It is separate part of large business serving product markets with
readily identifiable competitors. It is created by adding another level of management in a
divisional structure after the divisions have been grouped under a divisional top
management authority based on the common strategic interests.
Very large organizations, particularly those running into several products, or operating at
distant geographical locations that are extremely diverse in terms of environmental
factors, can be better managed by creating strategic business units , just as is the case
for Moonlight Private Limited. SBU structure becomes imperative in an organization with
increase in number, size and diversity.
Benefits of SBUs:
1. Establishing coordination between divisions having common strategic interest.
2. Facilitate strategic management and control.
3. Determine accountability at the level of distinct business units.
4. Allow strategic planning to be done at the most relevant level within the total
enterprise.
5. Make the task of strategic review by top executives more objective and more
effective.
6. Help to allocate resources to areas with better opportunities.
Thus, an SBU structure with its set of advantages would be most suitable for the
company with the given diverse businesses having separate identifiable competitors, but
a common organizational goal.
(b) Expanded Marketing Mix:
Typically, all organizations use a combination of 4 Ps in some form or the other that is
product, price, place, and promotion. However, the above elements of marketing mix are
not exhaustive. There are a few more elements that may form part of an organizational
marketing mix strategy as follows:
1. People: all human actors who play a part in delivery of the market offering and thus
influence the buyer’s perception, namely the firm’s personnel and the customer.
2. Physical evidence: the environment in which the market offering is delivered and
where the firm and customer interact.
3. Process: the actual procedures, mechanisms and flow of activities by which the
product/ service is delivered.
OR
In matrix structure, functional and product forms are combined simultaneously at the
same level of the organization. Employees have two superiors, a product / project
manager and a functional manager. The “home” department - that is, engineering,
manufacturing, or marketing - is usually functional and is reasonably permanent. People
from these functional units are often assigned temporarily to one or more product units or
projects.
The product units / projects are usually temporary and act like divisions in that they are
differentiated on a product-market basis. The matrix structure may be very appropriate
when organizations conclude that neither functional nor divisional forms, even when
combined with horizontal linking mechanisms like strategic business units, are right for
the implementation of their strategies. Matrix structure was developed to combine the
stability of the functional structure with flexibility of the product form. It is very useful
when the external environment (especially its technological and market aspects) is very
complex and changeable.
A matrix structure is most complex of all designs because it depends upon both vertical
and horizontal flows of authority and communication. It may result in higher overhead
costs due to more management positions.
The matrix structure is often found in an organization when the following three
conditions exist:
1. Ideas need to be cross-fertilized across projects or products;
2. Resources are scarce; and
3. Abilities to process information and to make decisions need to be improved.
(b)
(c)
(d)
(B) (c)
(C) (b)
(D) (a)
(E) (d)
(F) (d)
(G) (d)
(H) (b)
2. Kurt Lewin’s Model of Change proposes three phases of change process to make the change lasting.
They are Compliance, Identification and Internalization.
For Dr. Radhika, Compliance and Identification will not a big challenge, as her father has been one of
the most sort after personalities serving the ill in their district. And her return from the USA to serve her
country, especially her district, will help the workforce identify her as a role model and there would
actually be no need for compliance, i.e. Reward and Punishment for bringing about a change.
However, the new lucrative E-Commerce employment opportunities will have to be fought through
Internalization, i.e. internal changing of the individual’s thought process, to give them freedom to learn
and succeed. Thus, Internalization will be the most challenging phase.
3. (a) A strategic business unit (SBU) is any part of a business organization which is treated separately
for strategic management purposes. The concept of SBU is helpful in creating an SBU
organizational structure. It is discrete element of the business serving product markets with readily
identifiable competitors and for which strategic planning can be concluded. It is created by adding
another level of management in a divisional structure after the divisions have been grouped under
a divisional top management authority based on the common strategic interests.
Advantages of SBU are:
♦ Establishing coordination between divisions having common strategic interests.
♦ Facilitates strategic management and control on large and diverse organizations.
♦ Fixes accountabilities at the level of distinct business units.
♦ Allows strategic planning to be done at the most relevant level within the total enterprise.
♦ Makes the task of strategic review by top executives more objective and more effective.
♦ Helps allocate corporate resources to areas with greatest growth opportunities.
1. (A) Aero Mind Bridge Technologies Ltd (AMBTL) is a software development company work as a
solution provider to airlines industry. The company was established more than a decade ago by
Mr. Pranshu Gupta having experience of working in United States of America (USA). His
entrepreneurial desires brought him back to India to promote Aero Mind Bridge Technologies Ltd
(AMBTL). The company started its operations with a meagre capital of ` 10 lakhs with limited
workforce. Currently, it enjoys a valuation of more than ` 50 crores. Almost everybody
acknowledged the competency of AMBTL in developing customised software for the airlines
industry.
The high growth of the company was mainly on account of the heavy inflows of the funds in the
airlines industry from various big business houses that have diversified into airlines industry.
Currently, these business houses were in the manufacturing of FMCG, textiles, packaging etc.
and having good expertise and uniqueness in these industries.
However, AMBTL saw stagnation in last three years. The order position was shrinking day by
day. The margins were also reducing. Last year was particularly bad for the AMBTL and its
annual sales reduced by 20 % for the first time since its inception.
Most of the business houses that had entered in the airlines industry had less knowledge and
experience in the industry. However, their desire to diversify and seeing new opportunity in the
airlines industry prompted them to invest heavily into the industry.
However, things did not turn out to be as expected. The tough competition between several
players, reduction in the fare by railways and high prices of aviation fuel created problems for the
industry. The sector was not able to generate reasonable profits thus resulting difficulty in
maintaining operations. They were in need for hard to come by capital. Lately, the airlines
industry is witnessing some consolidation with companies planning for mergers or even
contemplating closures.
The general global recession also resulted in the reduction of travel expenditure of corporates
resulting in decrease in the order position of AMBTL.
Based on the above Case Scenario, answer the Multiple Choice Questions which are as follows:
Multiple Choice Questions (MCQs)
(i) Identify the nature of diversification by the business houses entering into airlines industry.
(a) Concentric diversification
(b) Conglomerate diversification
(c) Vertically integrated diversification
(d) Horizontal integrated diversification (1 Mark)
(ii) The big business houses were in the manufacturing of FMCG, textiles, packaging etc. and
having good expertise and uniqueness in these industries. But they are not performing well
in airlines industry because of
5
(b) What is corporate culture? How is it both strength and weakness of an organisation? (5 Marks)
(B) (d)
(C) (a)
(D) (c)
(E) (c)
(F) (c)
(G) (d)
(H) (c)
(I) (d)
2. The Delta company is transitioning into the hourglass organization structure because it has used
technological tools to transform various business processes and operations and has significantly
diminished the role played by specialist managers of the middle management. The technological tool in
addition to saving organizational costs by replacing many tasks of the middle management has also served
as a link between top and bottom levels in the organization and assists in faster decision making. The
skewed middle level managers now perform cross-functional duties. All these factors indicate towards
hourglass organization structure.
3. (a) Acquisitions and mergers are basically combination strategies. Some organizations prefer to
grow through mergers. Merger is considered to be a process when two or more companies come
together to expand their business operations. In such a case the deal gets finalized on friendly
terms and both the organizations share profits in the newly created entity. In a merger , two
organizations combine to increase their strength and financial gains along with breaking the trade
barriers.
When one organization takes over the other organization and controls all its business operations,
it is known as acquisition. In this process of acquisition, one financially strong organiza tion
overpowers the weaker one. Acquisitions often happen during recession in economy or during
declining profit margins. In this process, one that is financially stronger and bigger establishes it s
power. The combined operations then run under the name of the powerful entity. A deal in case
6
The implication is that larger firms in an industry would tend to have lower unit costs as
compared to those of smaller organizations, thereby gaining a competitive cost advantage.
Experience curve results from a variety of factors such as learning effects, economies of scale,
product redesign and technological improvements in production.
The concept of experience curve is relevant for a number of areas in strategic management. For
instance, experience curve is considered a barrier for new firms contemplating entry in an
industry. It is also used to build market share and discourage competition.
(b) Corporate culture distinguishes one organisation from another. It refers to a company’s values,
beliefs, business principles, traditions, and ways of operating and internal work environment.
Every corporation has a culture that exerts powerful influences on the behaviour of managers.
Culture affects not only the way managers behave within an organization but also the decisions
they make about the organization’s relationships with its environment and its strategy.
A culture grounded in values, practices, and behavioural norms that match what is needed for
good strategy execution helps energize people throughout the company to do their jobs in a
strategy-supportive manner, adding significantly to the power and effectiveness of strategy
execution
1
3. With the objective of maintaining utmost security, GoCart recruited Mr. Y to examine logs from firewalls,
intrusion detection system and to issue security advisories to other members in IT depar tment. Which
of the following job roles best fits into job profile of Mr. Y?
(a) Operations Manager
(b) Network Architect
(c) Security Analyst
(d) Database Administrator
4. With the recently entered Service Level Agreement (SLA) with Google, GoCart successfully develope d
and deployed its new application. Identify the type of cloud service utilized by GoCart in the application
which is developed online?
(a) Infrastructure as a Service
(b) Platform as a Service
(c) Software as a Service
(d) Network as a Service
5. In addition to routing the revenue in accounts maintained with CSC Bank, GoCart also has taken various
loans and advances from CSC Bank. If CSC Bank faces the information security risk of non -
establishment of user accountability for the accounts created for GoCart, which control would be best
suggested for this?
(a) The identity of users is authenticated to system through password.
(b) System validations have been implemented to restrict set up of duplicate customer master records.
(c) All users are required to have a unique user id.
(d) Access for changes made to the configuration, parameter settings is restricted to authorized user.
Question Nos. 6 to 10 are independent questions of 1 mark each.
6. NMN Ltd. has its five branches in different cities of India. All branches are interconnected and use
centralized mechanism for data sharing and storage. To have a secure communication between its
various branches, the company has installed anti-virus software and intrusion prevention system. The
installation of these systems is covered under which type of control?
(a) Detective Control
(b) Preventive Control
(c) Community Control
(d) Application Control
7. Which of the following term related to Risk refers to an action, device, procedure, technique or other
measure that reduces the vulnerability of a component or system in an organization.
(a) Residual Risk
(b) Risk Management
(c) Threat
(d) Counter Measure
2
8. XYZ Ltd. provides Data Processing services to its clients. It has received a big contract from DEF
Insurance Company for its data processing. With limited PCs at its office, XYZ Ltd. approached Amazon
Web Services to hire and access Virtual Machines for data processing on pay-as per usage concept.
Which Cloud Computing Service Model is being used by XYZ Ltd.?
(a) Software as a Service (SaaS)
(b) Platform as a Service (PaaS)
(c) Infrastructure as a Service (IaaS)
(d) Network as a Service (NaaS)
9. M/s SS and Sons, a renowned chartered accountancy firm has many branch offices all over Madhya
Pradesh. The management thought that as IT operations and the maintenance of hardware and software
are not their core area, they decided to host its application on internet and outsource the IT functions.
Through this initiative, firm provides online services to its clients regarding registration, trademark, and
taxation through an online assistant. This is an example of which type of application.
(a) Cloud based Application
(b) Built-in Application
(c) Installed Application
(d) Customer Application
10. VV designers, the manufacturers of bath accessories allow their customer to pay in cash only. Now, with
the demand of cashless economy the company decided to allow its customers to pay either through
cash or through credit/debit cards. The company uses the key control that transaction cannot be made
if the aggregate limit of out- standing amount exceeds the credit limit assigned to customer. Identify the
risk related to credit card processing for which this key control is applied.
(a) Credit Line setup is unauthorized and not in line with the bank’s policy.
(b) Credit Line setup can be breached.
(c) Masters defined are not in accordance with the Pre-Disbursement Certificate.
(d) Inaccurate reconciliations performed.
Part II: Descriptive Questions
1. (a) Identify the Logical Access Violators who exploit logical exposures in an organization. Briefly
explain them. (3 Marks)
(b) Write a short note on “Automated Teller Machine (ATM) Channel Server”. (2 Marks)
2. (a) ABC Ltd., a soft drink manufacturing company was established in 2010. The company has
implemented some modules of ERP and was managing good business in initial seven years of its
establishment. After that, the customer’s feedback indicated a decline in the sale and therefore,
the targets could not be achieved. On analyzing the customers’ feedback, the management decided
to incorporate CRM Module of ERP System to improvise its relationship with existing customers,
find new prospective customers and win back former customers. The company implemented CRM
module and found acceleration in the growth of its sale for past four years. Discuss various key
benefits of CRM module that the company may have availed after implementing CRM? (6 Marks)
(b) Grid computing is a distributed architecture of large numbers of computers connected to solve a
complex problem. With reference to this line, identify the application areas where this technology
can be used effectively and efficiently. (4 Marks)
3
3. (a) As an internal auditor of an organization, Mr. Anil reviews various physical security controls
implemented within his organization. Discuss various activities that he would perform while doing
auditing these physical access controls? (6 Marks)
(b) Describe the Section 63 in prevention of Money Laundering that specifies the punishment for false
implementation or failure to give information, etc. (4 Marks)
4. (a) Suppose you are an IT consultant of ABC enterprises. What general controls would you apply to
all components of system, processes and data for ABC enterprises to ensure the security of
information system and application program. (6 Marks)
(b) Mr. Rajesh joined as an assistant to Chief Manager of loan department in KK Financials. His job
profile demands to provide an MIS report on every weekend to Chief Manager about the various
details regarding customers’ service calls. Discuss the various criteria that information in his report
should meet, so that it should be useful to the chief manager. (4 Marks)
5. (a) Cloud computing is one of the emerging technologies used in several organizations, yet it has
many pertinent issues. Discuss the major pertinent issues related to cloud computing. (6 Marks)
(b) Determine all the sub processes that are included under an Order to Cash Process. (4 Marks)
4
SECTION – B: STRATEGIC MANAGEMENT
Time Allowed – 1½ Hours Maximum Marks – 50
Question 1 and 2 are compulsory.
Attempt any three questions out of remaining four questions.
1. (A) Amrutha, a third year computer science student living in Tamilnadu, realised that during covid-19
pandemic her mother was not able to buy the basic products that she used in her worship
routine. As a result, many small vendors also went out of business during the lockdown. She
started studying more about the market and observed that the way the business was conducted
had many gaps and loopholes. She dedicated herself to develop a small market place where
consumers like her mother and small vendors could meet and trade, and called it Saamagree.
Her interaction with small vendors was a success factor, where she was able to convince them to
bring their business online and give them volume in sales. Vendors were hesitant early on, but
followed suit when they saw the benefits coming in. Amrutha, being a student was happy with the
growth and wanted to focus on studies more and let the business operate as usual.
To her surprise, her father's company which was a big FMCG brand took over her business
within a year itself, and designated Ms. Srividya Rajanan, to lead the division with Amrutha.
Amrutha, knew her customers and vendors very closely and Ms. Rajanan was an expansion
expert. So their division was developed as a simple structure within the organisation as an
experiment.
Ms. Rajanan’s marketing team expanded swiftly to rope in vendors from areas far and beyond
backed by their in-house distribution channels. However, the initial vendors and customers felt
betrayed as their trust rested in Amrutha and her personalised touch to the business. It took the
team months to build an identity that matched the sincerity of a one woman led brand.
The market segment has been a very niche one for the FMCG brand however the results have
been satisfying. The plan is to go Pan-India in the coming years with Amrutha leading from the
front and Ms. Rajanan exiting the division. New markets, new ways of business are inevitable
and bring a freshness to business is what Saamagree has proven.
Based on the above Case Scenario, answer the Multiple Choice Questions.
1. Which of the following characteristics has been one of the biggest strengths of Saamagree’s
management?
(a) Induce and direct events
(b) Induce and direct people
(c) Influence process to make things happen
(d) Gain command over the phenomena (1 Mark)
2. The leadership team decided to keep the organisation structure straight and simple based on
the intricacies of?
(a) Goals and objectives
(b) Vision statement
(c) Business definition
(d) Business model (1 Mark)
5
3. Before Ms. Srividya Rajanan joined the company, Amrutha’s intent was inclined towards which
of the following strategies?
(a) Combination strategy
(b) Retrenchment strategy
(c) Expansion strategy
(d) Stability strategy (1 Mark)
4. The marketing team of Saamagree could not gauge a very crucial aspect of markets that led to
a temporary dent in its brand positioning. Which of the following is being mentioned in the above
scenario?
(a) Switching costs of products
(b) Distribution channel accessibility
(c) Retaliation from the market
(d) Political influence in the industry (1 Mark)
5. The very ideation of the business was based on bringing about a change in existing ways of
business. What can be said about the basis of building Saamagree?
(a) Market penetration
(b) Business process reengineering
(c) Product differentiation
(d) Best cost provider strategy (1 Mark)
(B) A beverage company has more than 500 soft drink brands, but none of them is anywhere close
to its premium brand One Sip in awareness, revenue and profits. As per BCG's Matrix, One Sip
brand for the beverage company is?
(a) Star
(b) Dog
(c) Cash cow
(d) Question mark (2 Marks)
(C) Davis and Lawrence have proposed three distinct phases for development of matrix structure.
These phases are (1) Cross-functional task forces (2) Product/brand management and (3)
______.
(a) Market/external management
(b) Functional matrix
(c) Mature matrix
(d) Internal management (2 Marks)
(D) A famous restaurant enjoys full occupancy during the lunch and dinner time for last few months.
In fact, many customers go back as they have to wait for their turn. Between 15:00 hours to
18:00 hours, the occupancy rate is near to nil. To raise the footfalls of customers during this lean
time, the owner offers a discount of 20% on total bill if a customer comes in these 3 hours. Whic h
type of marketing strategy does the restaurant follow to attract the customers in the lean period?
(a) Differential Marketing
(b) Synchro-marketing
6
(c) Place Marketing
(d) Concentrated Marketing (2 Marks)
(E) What is the first step in the comprehensive strategic-management model?
(a) Developing vision and mission statements
(b) Performing external audits
(c) Measuring and evaluating performance
(d) Establishing long-term objectives (1 Mark)
(F) Which strategy is implemented after the failure of turnaround strategy?
(a) Expansion strategy
(b) Diversification strategy
(c) Divestment strategy
(d) Growth strategy (1 Mark)
(G) A firm successfully implementing a differentiation strategy would expect:
(a) Customers to be sensitive to price increases.
(b) To charge premium prices.
(c) Customers to perceive the product as standard.
(d) To automatically have high levels of power over suppliers. (1 Mark)
(H) Which one is NOT a type of strategic control?
(a) Operational control
(b) Strategic surveillance
(c) Special alert control
(d) Premise control (1 Mark)
2. Kamal Sweets Corner, a very popular sweets shop in Ranchi, was facing tough competition from
branded stores of packaged sweets and imported goods. The owners realised that their busi ness
reduced by 50% in the last six months, and this created a stressful business environment for them. To
find a solution, they consulted a business consultant to help them develop a strategy to fight
competition and sustain their century old family business. The business consultant advised them to
innovate a new snack for the public and market it as a traditional snack of the region. The owners
liked the idea and developed a new snack called Dahi Samosa, which very quickly became popular
amongst the public and it helped regain the lost business of Kamal Sweets Corner.
One of the very crucial importance of strategic management was used by the business consultant to
help the owners of Kamal Sweets Corner. Which one could it be? Also, was this strategy Reactive or
Proactive? According to you who are more beneficial in general parlance? (5 Marks)
3. (a) The presence of strategic management cannot counter all hindrances and always achieve
success for an organisation. What are the limitations attached to strategic management?
(5 Marks)
(b) What is a strategic group? Discuss the procedure for constructing a strategic group map.
(5 Marks)
7
4. (a) Mission statement of a company focuses on the question: ‘who we are’ and ‘what we do’. Explain
briefly. (5 Marks)
(b) Differentiate between Divestment and Liquidation strategy. (5 Marks)
5. (a) Domolo is a premium cycles and cycling equipments brand which targets high spending
customer with a liking for quality and brand name. Their cycles range from rupees fifteen
thousand to rupees one lac. The recent trend of fitness through cycling has created humongous
demand for cycles and peripherals like helmets, lights, braking systems, fitness applications, etc.
The customer base has grown 150% in the last three months. Mr. Vijay, who is an investor wants
to tap in this industry and bring about cheaper options to people who cannot spend so much.
Which business level strategy would best suit for Mr. Vijay’s idea and what are the major sub-
strategies that can be implemented to capture maximum market? (5 Marks)
(b) State the factors of human resource that have influence on employee’s competence. (5 Marks)
6. (a) Suresh Sinha has been recently appointed as the head of a strategic business unit of a large
multiproduct company. Advise Mr Sinha about the leadership role to be played by him in
execution of strategy. (5 Marks)
(b) Explain the various steps in Benchmarking process. (5 Marks)
8
Test Series: April, 2021
MOCK TEST PAPER - II
INTERMEDIATE (NEW): GROUP – II
PAPER – 7: ENTERPRISE INFORMATION SYSTEMS AND STRATEGIC MANAGEMENT
SECTION – A: ENTERPRISE INFORMATION SYSTEMS
ANSWERS
MULTIPLE CHOICE QUESTIONS
1. (b) Operational Risk
2. (d) Testable Business Rules
3. (c) Security Analyst
4. (b) Platform as a Service
5. (c) All users are required to have a unique user id.
6. (b) Preventive Control
7. (d) Counter Measure
8. (c) Infrastructure as a Service (IaaS)
9. (a) Cloud based Application
10. (b) Credit Line setup can be breached.
Descriptive Questions
1. (a) Logical Access Violators are the persons who exploit logical exposures in an organization.
They are mainly as follows:
Hackers: Hackers try their best to overcome restrictions to prove their ability. Ethical
hackers most likely never try to misuse the computer intentionally but assists in finding the
weaknesses in the system;
Employees (authorized or unauthorized);
IS Personnel: They have easiest to access to computerized information since they come
across to information during discharging their duties. Segregation of duties and supervision
help to reduce the logical access violations;
Former Employees: should be cautious of former employees who have left the organization
on unfavorable terms;
End Users; Interested or Educated Outsiders; Competitors; Foreigners; Organized
Criminals; Crackers; Part-time and Temporary Personnel; Vendors and consultants; and
Accidental Ignorant – Violation done unknowingly.
(b) Automated Teller Machines (ATM) Channel Server: This server contains the details of ATM
account holders. Soon after the facility of using the ATM is created by the Bank, the details of
such customers are loaded on to the ATM server. When the Central Database is busy with
central end-of- day activities or for any other reason, the file containing the account balance of
the customer is sent to the ATM switch. Such a file is called Positive Balance File (PBF). This
ensures not only continuity of ATM operations but also ensures that the Central database is
always up-to-date. The above process is applicable to stand alone ATMs at the Branch level. As
most of the ATMs are attached to the central network, the only control is through ATM Switch.
1
2. (a) The key benefits of CRM module that the company may have availed are as follows:
Improved customer relations: One of the prime benefits of using a CRM is obtaining
better customer satisfaction. By using this strategy, all dealings involving servicing,
marketing, and selling out products to the customers can be carried out in an organized and
systematic way. Better services can be provided to customers through improved
understanding of their issues and this in turn helps in increasing customer loyalty and
decreasing customer agitation. In this way, continuous feedback from the customers
regarding the products and services can be received. It is also possible that the customers
may recommend the product to their acquaintances, when efficient and satisfactory services
are provided.
Increase customer revenues: By using a CRM strategy for any business, the revenue of
the company can be increased. Using the data collected, marketing campaigns can be
popularized in a more effective way. With the help of CRM software, it can be ensured that
the product promotions reach a different and brand new set of customers, and not the ones
who had already purchased the product, and thus effectively increase the customer
revenue.
Maximize up-selling and cross-selling: A CRM system allows up-selling which is the
practice of giving customers premium products that fall in the same category of their
purchase. The strategy also facilitates cross selling which is the practice of offering
complementary products to customers, based on their previous purchases. This is done by
interacting with the customers and getting an idea about their wants, needs, and patterns of
purchase. The details thus obtained will be stored in a central database, which is accessible
to all company executives. So, when an opportunity is spotted, the executives can promote
their products to the customers, thus maximizing up-selling and cross selling.
Better internal communication: Following a CRM strategy helps in building up better
communication within the company. The sharing of customer data between different
departments will enable them to work as a team. This is better than functioning as an
isolated entity, as it will help in increasing the company’s profitability and enabling better
service to customers.
Optimize marketing: CRM enables to understand the customer needs and behavior in a
better way, thereby allowing any enterprise to identify the correct time to market its product
to the customers. CRM will also give an idea about the most profitable customer groups,
and by using this information, similar prospective groups, at the right time will be targeted.
In this way, marketing resources can be optimized efficiently and time is not wasted on less
profitable customer groups.
(b) The application areas where Grid Computing can be used effectively and efficiently are as
follows:
Civil engineers collaborate to design, execute, & analyze shake table experiments.
An insurance company mines data from partner hospitals for fraud detection.
An application service provider offloads excess load to a compute cycle provider.
An enterprise configures internal & external resources to support e-Business workload.
Large-scale science and engineering are done through the interaction of people,
heterogeneous computing resources, information systems and instruments, all of which are
geographically and organizationally dispersed.
3. (a) The activities that Mr. Anil would be performing while doing auditing of physical access controls
are as follows:
2
(i) Sitting and Marking: Auditing building sitting and marking requires attention to several key
factors and features, including:
o Proximity to hazards: The IS auditor should estimate the building’s distance to
natural and manmade hazards, such as Dams; Rivers, lakes, and canals; Natural gas
and petroleum pipelines; Water mains and pipelines; Earthquake faults; Areas prone to
landslides; Volcanoes; Severe weather such as hurricanes, cyclones, and tornadoes;
Flood zones; Military bases; Airports; Railroads and Freeways. The IS auditor should
determine if any risk assessment regarding hazards has been performed and if any
compensating controls that were recommended have been carried out.
o Marking: The IS auditor should inspect the building and surrounding area to see if
building(s) containing information processing equipment identify the organization.
Marking may be visible on the building itself, but also on signs or parking stickers on
vehicles.
(ii) Physical barriers: This includes fencing, walls, barbed/razor wire, bollards, and crash
gates. The IS auditor needs to understand how these are used to control access to the
facility and determine their effectiveness.
(iii) Surveillance: The IS auditor needs to understand how video and human surveillance are
used to control and monitor access. He or she needs to understand how (and if) video is
recorded and reviewed, and if it is effective in preventing or detecting incidents.
(iv) Guards and dogs: The IS auditor need to understand the use and effectiveness of security
guards and guard dogs. Processes, policies, procedures, and records should be examined
to understand required activities and how they are carried out.
(v) Key-Card systems: The IS auditor needs to understand how key-card systems are used to
control access to the facility. Some points to consider include: Work zones: Whether the
facility is divided into security zones and which persons are permitted to access which
zones whether key-card systems record personnel movement; What processes and
procedures are used to issue keycards to employees? etc.
(b) [Section 63] Punishment for false information or failure to give information, etc.
(1) Any person willfully and maliciously giving false information and so causing an arrest or a
search to be made under this Act shall on conviction be liable for imprisonment for a term
which may extend to two years or with fine which may extend to fifty thousand rupees or
both.
(2) If any person -
(a) being legally bound to state the truth of any matter relating to an offence under section
3, refuses to answer any question put to him by an authority in the exercise of its
powers under this Act; or
(b) refuses to sign any statement made by him in the course of any proceedings under this
Act, which an authority may legally require to sign; or
(c) to whom a summon is issued under section 50 either to attend to give evidence or
produce books of account or other documents at a certain place and time, omits to
attend or produce books of account or documents at the place or time, he shall pay, by
way of penalty, a sum which shall not be less than five hundred rupees but which may
extend to ten thousand rupees for each such default or failure.
(3) No order under this section shall be passed by an authority referred to in sub-section (2)
unless the person on whom the penalty is proposed to be imposed is given an opportunity of
being heard in the matter by such authority.
3
(4) Notwithstanding anything contained in clause (c) of sub-section (2), a person who
intentionally disobeys any direction issued under section 50 shall also be liable to be
proceeded against under section 174 of the Indian Penal Code (45 of 186 0).
4. (a) General Controls that can be applied to all components of system are as follows:
• Information Security Policy: The security policy is approved by the senior management
and encompasses all areas of operations of bank and drives access to information across
the enterprise and other stakeholders.
• Administration, Access, and Authentication: IT should be administered with appropriate
policies and procedures clearly defining the levels of access to information and
authentication of users.
• Separation of key IT functions: Secure deployment of IT requires the bank to have
separate IT organization structure with key demarcation of duties for different personnel
within IT department and to ensure that there are no Segregation of Duties (SoD) conflicts.
• Management of Systems Acquisition and Implementation: Software solutions for CBS
are most developed acquired and implemented. Hence, process of acquisition and
implementation of systems should be properly controlled.
• Change Management: IT solutions deployed and its various components must be changed
in tune with changing needs as per changes in technology environment, business
processes, regulatory and compliance requirements. These changes impact the live
environment of banking services. Hence, change management process should be
implemented to ensure smooth transition to new environments covering all key changes
including hardware, software and business processes. All changes must be properly
approved by the management, before implementation.
• Backup, Recovery and Business Continuity: Heavy dependence on IT and criticality
makes it imperative that resilience of banking operations should be ensured by having
appropriate business continuity including backup, recovery and off-site data center.
• Proper Development and Implementation of Application Software: Application software
drives the business processes of the banks. These solutions in case developed and
implemented must be properly controlled by using standard software development process.
• Confidentiality, Integrity and Availability of Software and data files: Security is
implemented to ensure Confidentiality, Integrity and Availability of information.
Confidentiality refers to protection of critical information. Integrity refers to ensuring
authenticity of information at all stages of processing. Availability refers to ensuring
availability of information to users when required.
• Incident response and management: There may be various incidents created due to
failure of IT. These incidents need to be appropriately responded and managed as per pre -
defined policies and procedures.
• Monitoring of Applications and supporting Servers: The Servers and applications
running on them are monitored to ensure that servers, network connections and application
software along with the interfaces are working continuously.
• Value Add areas of Service Level Agreements (SLA): SLA with vendors is regularly
reviewed to ensure that the services are delivered as per specified performance
parameters.
• User training and qualification of Operations personnel: The personnel deployed have
required competencies and skill-sets to operate and monitor the IT environment.
4
(b) The various criteria that information in Mr. Rajesh’s report should meet so that it should be useful
to his credit chief manager are as follows:
Relevant - MIS reports need to be specific to the business area they address. This is
important because a report that includes unnecessary information might be ignored.
Timely - Managers need to know what’s happening now or in the recent past to make
decisions about the future. Be careful not to include information that is old. An example of
timely information for your report might be customer phone calls and emails going back 12
months from the current date.
Accurate - It’s critical that numbers add up and that dates and times are correct. Managers
and others who rely on MIS reports can’t make sound decisions with information that is
wrong. Financial information is often required to be accurate to the dollar. In other cases, it
may be OK to round off numbers.
Structured - Information in an MIS report can be complicated. Making that information easy
to follow helps management understand what the report is saying. Try to break long
passages of information into more readable blocks or chunks and give these chunks
meaningful headings.
5. (a) The pertinent issues related to Cloud Computing are as follows:
Threshold Policy: The main objective of implementing threshold policy is to inform cloud
computing service consumers and providers what they should do. Quite often, this policy
does not exist. The only legal document between the customer and service provider is the
Service Level Agreement (SLA). This document contains all the agreements between the
customer and the service provider; it contains what the service provider is doing and is
willing to do. However, there is no standard format for the SLA, and as such, there may be
services not documented in the SLA that the customer may be requiring in future. A
carefully drafted threshold policy outlines what cloud computing service consumers and
providers should do. It is important to consider how the cloud service provider will handle
sudden increases or decreases in demand. How will unused resources be allocated?
Interoperability: If a company enters into a contract with one cloud computing vendor, it
may find it difficult to change to another computing vendor that has proprietary APIs
(application programming interfaces) and different formats for importing and exporting data.
Industry cloud computing standards do not exist for APIs or formats for importing/exporting
data. This creates problems of achieving interoperability of applications between two cloud
computing vendors. Once a company is locked in with one cloud provider, it is not easy to
move an entire infrastructure to other clouds. Moreover, each cloud provider offers a unique
set of services and tools for operating and controlling its cloud. Learning a new cloud
environment is similar to learning a new technology.
Hidden Costs: Such costs may include higher network charges for storage and database
applications, or latency issues for users who may be located far from cloud service
providers.
Unexpected Behaviour: An application may perform well at the company’s internal data
centre. It does not necessarily imply that the application will perform the same way in the
cloud. Therefore, it is essential to test its performance in the cloud for unexpected behavior.
Testing may include checking how the application allocates resources on sudden increase
in demand for resources and how it allocates unused resources. This problem must be
solved before obtaining services from the cloud.
Security Issues: Cloud computing infrastructures use new technologies and services, most
which have not been fully evaluated with respect to security. The important security issues
5
with cloud computing are: the management of the data might not be fully trustworthy; the
risk of malicious insider attacks in the cloud; and the failing of cloud services. Ma intaining
confidentiality is one the major issues faced in cloud systems because information is stored
at a remote location which can be accessed by the service provider. Data confidentiality can
be preserved by encrypting data. Cloud systems share computational resources, storage,
and services between multiple customer applications in order to achieve efficient utilization
of resources while decreasing cost. However, this sharing of resources may violate the
confidentiality users’ IT Assets. It must be ensured that there a degree of isolation between
these users. In most cases, the provider must ensure that their infrastructure is secure and
that their consumers’ data and applications are protected while the customer must ensure
that the provider has taken the proper security measures to protect their information.
Legal Issues: Cloud systems need to adhere to several regulatory requirements, privacy
laws and data security laws. These laws vary from country to country and cloud users have
no control over where their data is physically located.
Software Development in Cloud: From the perspective of the application development,
developers face the complexity of building secure applications that may be hosted in the
cloud. The speed at which applications will change in the cloud will affect both the System
Development Life Cycle (SDLC) and security. The project manager must keep in mind the
applications should be upgraded frequently. For this, the project manager must ensure that
their application development processes are flexible enough to keep up with the changes.
Bugs in Large-Scale Distributed Systems: One of the difficult challenges in Cloud
Computing is removing errors in these very large scale distributed systems.
(b) The different sub processes involved in the process Order to Cash Cycle are as follows:
(i) Sales and Marketing (SM)
Advertises and markets the company’s products and books sales orders from
customers.
(ii) Order Fulfilment
Receives orders from SM.
Checks inventory to establish availability of the product. If the product is available in
stock, transportation is arranged and the product is sent to the customer.
(iii) Manufacturing
If the product is not available in stock, this information is sent to the manufacturing
department so that the product is manufactured and subsequently sent to the
customer.
(iv) Receivables
The invoice is created, sent to the customer, payment received and the invoice closed.
Under each sub process, there could be many activities. For example:
o Main Process - Order Fulfilment
o Sub Process –Receive Orders
o Other Activities –Check correctness and validity of information in order, enter
order in computer system, check credit worthiness of customer, check credit limit,
obtain approval for any discrepancy etc.
6
SECTION – B: STRATEGIC MANAGEMENT
SUGGESTED ANSWERS/HINTS
1. (A)
(1) (2) (3) (4) (5)
(b) (c) (d) (c) (b)
(B) (c)
(C) (c)
(D) (b)
(E) (a)
(F) (c)
(G) (b)
(H) (a)
2. The strategy used here was of developing a competitive advantage via product which helped Kamal
Sweets Corner regain their lost business. This is also one of the major importance cum advantage of
strategic management, that is helps to develop core competencies and competitive advantages to
overcome competition.
This strategy was a Reactive strategy. Wherein, the owners saw their business fall to 50% of revenue
and then seeking a strategic advisory. They did not plan proactively as to when the new shops were
already opening. They reacted only when the business started to lose up.
Generally, it is always beneficial to develop strategies proactively, so that the dip in businesses is
small and manageable, and even if they are huge, the management has ample time to fix it.
3. (a) The presence of strategic management cannot counter all hindrances and always achieve
success as there are limitations attached to strategic management. These can be explained in
the following lines:
Environment is highly complex and turbulent. It is difficult to understand the complex
environment and exactly pinpoint how it will shape-up in future. The organisational estimate
about its future shape may awfully go wrong and jeopardise all strategic plans. The
environment affects as the organisation has to deal with suppliers, customers, governments
and other external factors.
Strategic Management is a time-consuming process. Organisations spend a lot of time
in preparing, communicating the strategies that may impede daily operations and negatively
impact the routine business.
Strategic Management is a costly process. Strategic management adds a lot of expenses
to an organization. Expert strategic planners need to be engaged, efforts are made for
analysis of external and internal environments devise strategies and properly implement.
These can be really costly for organisations with limited resources particularly when small
and medium organisations create strategies to compete.
In a competitive scenario, where all organisations are trying to move strategically, it is difficult to
clearly estimate the competitive responses to the strategies.
7
(b) A strategic group consists of those rival firms which have similar competitive approaches and
positions in the market. Companies in the same strategic group can resemble one another in any
of the several ways – have comparable product-line breadth, same price/quality range, same
distribution channels, same product attributes, identical technological approaches, offer similar
services and technical assistance and so on.
The procedure for constructing a strategic group map and deciding which firms belong in which
strategic group is as follows:
Identify the competitive characteristics that differentiate firms in the industry typical
variables are price/quality range (high, medium, low); geographic coverage (local, regiona l,
national, global); degree of vertical integration (none, partial, full); product -line breadth
(wide, narrow); use of distribution channels (one, some, all); and degree of service offered
(no-frills, limited, full).
Plot the firms on a two-variable map using pairs of these differentiating characteristics.
Assign firms that fall in about the same strategy space to the same strategic group.
Draw circles around each strategic group making the circles proportional to the size of the
group’s respective share of total industry sales revenues.
4. (a) A company’s mission statement is typically focused on its present business scope — “who we are
and what we do”; mission statements broadly describe an organizations present capabilities,
customer focus activities and business makeup. An organisation’s mission states what customers
it serves, what need it satisfies, and what type of product it offers. It is an expression of the
growth ambition of the organisation. It helps organisation to set its own special identity, business
emphasis and path for development. Mission amplifies what brings the organisation to this
business or why it is there, what existence it seeks and what purpose it seeks to achieve as a
business organisation.
In other words, the mission serves as a justification for the firm's very presence and existence; it
legitimizes the firm's presence.
(b) Following are the differences between Divestment and Liquidation strategy:
Divestment Strategy Liquidation Strategy
Divestment strategy involves the sale or It involves closing down a firm and selling its
liquidation of a portion of business, or a major assets.
division, profit center or SBU.
Divestment is usually a part of rehabilitation Liquidation becomes only option in case of
or restructuring plan and is adopted when a severe and critical conditions where either
turnaround has been attempted but has turnaround or divestment are not seen as
proved to be unsuccessful. Option of a solution or have been attempted but failed.
turnaround may even be ignored if it is
obvious that divestment is the only answer.
Efforts are made for the survival of Liquidation as a form of retrenchment
organization. strategy is considered as the most extreme
and unattractive.
Survival of organization helps in retaining There is loss of employment with stigma of
personnel, at least to some extent. failure.
5. (a) The Best Cost Provider strategy would ensure a better reach to the not so affluent customers and
provide them with good quality cycles and equipments, thus tapping in on the increasing trend of
cycling.
Two sub-strategies that can be implemented are:
8
1. Offering lower prices than rivals for the same quality of products
2. Charging same prices for better quality of products
The idea of Mr. Vijay is to provide almost same quality of products in terms of functionality if not
so in terms of branding, to customer who do not have huge sums of money to pay. Thus, sub -
strategy number one, offering lower prices for almost same quality should be impl emented to
become the best cost provider of cycles and related equipments in the market.
(b) Human resource management has been accepted as a strategic partner in the formulation of
organization’s strategies and in the implementation of such strategies through human resource
planning, employment, training, appraisal and reward systems. The following points should be
kept in mind as they can have a strong influence on employee competence:
i. Recruitment and selection: The workforce will be more competent if a firm can
successfully identify, attract, and select highly competent applicants.
ii. Training: The workforce will be more competent if employees are well trained to perform
their jobs properly.
iii. Appraisal of performance: The performance appraisal is to identify any performance
deficiencies experienced by employees due to lack of competence. Such deficiencies, once
identified, can often be solved through counselling, coaching or training.
iv. Compensation: A firm can usually increase the competency of its workforce by offering
pay, benefits and rewards that are not only attractive than those of their competitors but
also recognizes merit.
6. (a) Leading change has to start with diagnosing the situation and then deciding which of several
ways to handle it. Managers have five leadership roles to play in pushing for good strategy
execution:
(i) Staying on top of what is happening, closely monitoring progress, solving out issues, and
learning what obstacles lie in the path of good execution.
(ii) Promoting a culture of esprit de corps that mobilizes and energizes organizational members
to execute strategy in a competent fashion and perform at a high level.
(iii) Keeping the organization responsive to changing conditions, alert for new opportunities,
bubbling with innovative ideas, and ahead of rivals in developing competitively valuable
competencies and capabilities.
(iv) Exercising ethical leadership and insisting that the company conduct its affairs like a model
corporate citizen.
(v) Pushing corrective actions to improve strategy execution and overall strategic performance.
(b) The various steps in Benchmarking Process are as under:
(i) Identifying the need for benchmarking: This step will define the objectives of the
benchmarking exercise. It will also involve selecting the type of benchmarking.
Organizations identify realistic opportunities for improvements.
(ii) Clearly understanding existing decisions processes: The step will involve compiling
information and data on performance.
(iii) Identify best processes: Within the selected framework best processes are identified.
These may be within the same organization or external to them.
(iv) Comparison of own process and performance with that of others: Benchmarking
process also involves comparison of performance of the organization with performance of
other organization. Any deviation between the two is analysed to make further
improvements.
9
(v) Prepare a report and implement the steps necessary to close the performance gap: A
report on benchmarking initiatives containing recommendations is prepared. Such a report
also contains the action plans for implementation.
(vi) Evaluation: Business organizations evaluate the results of the benchmarking process in
terms of improvements vis-à-vis objectives and other criteria set for the purpose. It also
periodically evaluates and reset the benchmarks in the light of changes in the conditions
that impact the performance.
10
Test Series: March, 2021
MOCK TEST PAPER - 1
INTERMEDIATE (IPC): GROUP – II
PAPER – 7: ENTERPRISE INFORMATION SYSTEMS AND STRATEGIC MANAGEMENT
SECTION – A: Enterprise Information Systems
Time Allowed – 1½ Hours Maximum Marks: 50 Marks
Part I : Multiple Choice Questions
Total Marks: 15 Marks
Question Nos. 1 to 5 carries 2 marks each.
M/s TAS & Sons is an automobile manufacturer of spare parts of four wheelers in India. The company has
four manufacturing units in various locations across the country. It also has two branch offices located in
Pune and Hyderabad to handle activities like orders, delivery, complaints and stock operations. The
company maintains its account with ABC Bank from where it also has taken various loans and advances.
Sometime ago, the company’s business processes like accounting, purchase, sales and inventory were
maintained in manual mode. The management of the company observed that the manual processing of
these activities hinder the overall working of the business related daily operations. This resulted in huge
gap in the flow of information, pending orders, delayed deliveries, and delayed decision making due to lack
of business reports and therefore overall non-performance. Thus, the management committee decides to
adopt the process of automation for its various business operations so that information flow would be timely
and consolidated within its branches and manufacturing units. To attain this objective, the service models of
Cloud Computing are proposed to be adopted so that the branches and manufacturing units are
interconnected with centralized mechanism of data sharing and storage. The proposed system with well-
implemented access controls will provide robust data security among its systems of branches and
manufacturing units. Not only the record keeping, but also data maintenance and reports generation would
become simpler after the implementation of proposed system. The management is also looking for better
prospects of adhering to the legal compliances of the country and also to initiate its business operations
through online mode.
Subsequently, the company hires a consultant Mr. Sumit to carry out the feasibility study of its proposed
system who prepares a feasibility report and submits to the management. Based on the go ahead report of
Mr. Sumit’s report, a project team is scheduled to be constituted who will work under him to execute the
project and ensure its delivery on time.
1. The Management committee of M/s TAS & Sons decides to automate its entire business processes
anticipating reaping better benefits for the company. Which of the following does not come under the
category of benefits of Automation?
(a) Consistency of automated processes
(b) Automating Redundant processes
(c) Reduction of turnaround time
(d) Better utilization of employees’ time
1. (A) Rohansh Bakshi a 22-year-old from Maharashtra, started a gaming equipment company called
TEEMOX, which specialises in gaming chairs, gaming consoles, controllers, wireless keyboard,
and touchscreen mouse pads. Rohan has been an innovator and loves building products. Hence,
to prioritise his time more on development, he insisted Mr. N. Muniyappa, his mentor, to be the
CEO of the company and spearhead business from the front.
Rohansh has always believed in bringing something new to the consumer and that is clearly
projected in the products offered by TEEMOX. His designs reflect youth with exciting colors and
comfort, and they match the quality of global big brands. However, to make hi s products worth the
money that his customers are paying, the procurement is done from Indonesia and Vietnam, where
the materials are easily available at low costs.
Interestingly, Rohansh’s AI based gaming chairs have been a huge hit for the company, bringing
in the maximum revenue and margins. The business has gone from 200 units sold to over 5000
units sold in just six months. To add to it, a famous FMCG Brand approached TEEMOX to
collaborate for a sports drink focused on gamers. The team is excited about this collaboration as
the deal shall bring in more awareness and open newer markets for them. But Mr. Muniyappa
insists that this might as well displease the existing consumers who relate to TEEMOX as a
customer-oriented brand rather than yet another money minting business.
Nonetheless, the plans seem to be working in the company’s favour for now and the future seems
bright. To put in context, the gaming industry is booming with a Compound Annual Growth Rate
(CAGR) of 190%, adding over 20 million new customers every quarter. Clearly, o pportunities are
enormous, and the brand is on track. A well-established vision and mission for the company could
be a strong strategic advantage for challenging times to come.
Based on the above Case Scenario, answer the Multiple-Choice Questions which are as follows:
1. Based on the above case which of the following seems true above the Strategy of TEEMOX?
(a) Strategy was unified and comprehensive.
(b) Strategy was comprehensive and integrated.
(c) Strategy was integrated and unified.
(d) Strategy was integrated, unified and comprehensive. (1 Mark)
2. Gaming chair business of TEEMOX is a cash cow. Which of the following strategies helped
it become such an influential business?
(a) Organisation differentiation
(b) Product differentiation
(c) Focused differentiation
(d) Low-cost product provider (1 Mark)
(B) (a)
(C) (a)
(D) (b)
(E) (a)
(F) (b)
(G) (a)
2. According to Porter, strategies allow organizations to gain competitive advantage from three different bases:
cost leadership, differentiation, and focus. Porter called these base generic strategies.
X-Olympus is facing cutthroat competition due to saturation of market and price wars as there is no clear
leader out of the numerous competitors. For this, the strategy adopted by X-Olympus is Product
Differentiation by introducing a unique product to cater the customer needs at a lesser cost which would
insulate it from the fierce competition and never-ending price wars.
3. (a) Yes, strategy is partly proactive and partly reactive. In proactive strategy, organisations will analyse
possible environmental scenarios and create strategic framework after proper pla nning and set
procedures and work on these strategies in a pre-determined manner. However, in reality no
company can forecast both internal and external environment exactly. Everything cannot be
planned in advance. It is not possible to anticipate moves of rival firms, consumer behaviour,
evolving technologies and so on.
There can be significant deviations between what was visualised and what actually happens. There
can be significant or major strategic changes when the environment demands. Reactive strateg y
is triggered by the changes in the environment and provides ways and means to cope with the
negative factors or take advantage of emerging opportunities.
(b) As industry’s Key Success Factors (KSFs) are those things that most affect industry members’
ability to prosper in the market place – the particular strategy elements, product attributes,
resources, competencies, competitive capabilities and business outcomes that spell the difference
between profit & loss and ultimately, between competitive success or failure. KSFs by their very
nature are so important that all firms in the industry must pay close attention to them. They are the
prerequisites for industry success, or, to put it in another way, KSFs are the rules that shape
whether a company will be financially and competitively successful.
4. (a) Decision making is a managerial process of selecting the best course of action out of several
alternative courses for the purpose of accomplishment of the organisational goals. Decisions may
be operational, i.e., which relate to general day-to-day operations. They may also be strategic in
nature.
As owner manager at the top level in the company, Shri Alok Kumar should concentrate on strategic
decisions. These are higher level decisions having organisation wide implications. The major
dimensions of strategic decisions are as follows: